2.1.1

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@mshibuya e0f79e36, GHSA-fwcm-636p-68r5)

1.3.2

Fixed

• Fix Ruby 2.7 deprecations(@aubinlrx #2462)

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya eb9346df, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@mshibuya 91714add, GHSA-fwcm-636p-68r5)

2.1.0

Added

• Support authenticated_url for Blackblaze provider(@kevivmatrix #2444)

Fixed

• Fix Ruby 2.7 deprecations(@mshibuya 9a37fc9e)
• Fix S3 path-style URL for host with dots for buckets that are placed in other regions than us-east-1(@Bonias #2439)
• Make MiniMagick::Image constant absolute to prevent misleading 'uninitialized constant' error(@p8 #2437)

2.0.2

Fixed

• Fix download causing nil error if the file has empty filename(@fukayatsu #2419, #2411)

2.0.1

Fixed

• Fix #{column}_cache unintentionally removing files on assigning empty string(@mshibuya 22e8005e, #2412)

2.0.0

Added

• Append, reorder, and remove-single-file feature for multiple file uploader(@mshibuya #2401)
• Allow retrieval of uploader index within uploaders(@mshibuya #1771)
• Add ability to customize downloaders(@mshibuya #1636)
• Support internationalized domain names for downloader(@mshibuya #2086)
• Support authenticated_url for Aliyun provider(@Nitrino #2381)
• Support passing options to authenticated_url for OpenStack provider(@stanhu #2377)
• Support authenticated_url for AzureRM provider(@Nitrino #2375)
• Allow custom expires_at when building an authenticated_url(@stephankaag #2397)

Changed

• [BREAKING CHANGE] Use the storage given by storage configuration also for cache_storage unless explicitly specified(@mshibuya 629afecb)
• Improve Fog initialization(@mshibuya #2395)
• [BREAKING CHANGE] Multiple file uploader now keeps successful files on update, only discarding failed ones(@mshibuya 7db9195d)
• [BREAKING CHANGE] #remote_#{column}_urls= was changed to preserve precedent updates(@mshibuya 8f18a95b)
• #serializable_hash now returns string for version keys(@schovi #2246)
• Use the MimeMagic gem to inspect file headers for the mime type. This allows for mitigation of CVE-2016-3714, in combination with a content_type_whitelist(@locriani #1934)
• Replace mime-types dependency with mini_mime to save memory(@bradleypriest #2292)
• Delegate MiniMagick processing to ImageProcessing gem(@janko #2298)
• Handle ActiveRecord transaction correctly, not storing or removing files on rollback(@skosh #2209)

Deprecated

• fog_provider configuration was deprecated and has no effect, just adding fog providers to Gemfile will load them(@mshibuya ca201ee2)
• CarrierWave::Uploader::Base#sanitized_file was deprecated, use #file instead(@mshibuya 28190e99)

Removed

• Remove support for Rails 4.x and Ruby 2.0/2.1 (@mshibuya bada043f)

Fixed

• Fix deleting files twice when marked for removal(@mshibuya 67800fde)
• Fix uploader.cache! loads entire contents of file into memory(@mshibuya #2136)
• Do not trigger *_will_change! when file is not to be removed(@mshibuya #2323)
• Allow deleting all files for multiple file upload(@mshibuya #1990)
• Failing to retrieve unquoted filenames from Content-Disposition(@mshibuya #2364)
• Fix #clean_cache! breaking with old format of cache id(@mshibuya aab402fb)
• Fix #exists? returning true after Fog file deletion(@mshibuya #2387)
• Make #identifier available for a retrieved file(@mshibuya #1581)
• Make cache id generation less predictable(@mshibuya #2326)
• Uploaders not being cleared when #reload or #initialize_dup are overridden in model(@mshibuya #2379)
• Fix #content_type returning false, instead of nil(@longkt90 #2384)
• Preserve connection cache when eagar-loading fog(@dmitryshagin #2383)
• #recreate_versions! ignored :from_version when versions to recreate are given(@hedgesky #1879 #1164)

2.0.0.rc

Added

• Append, reorder, and remove-single-file feature for multiple file uploader(@mshibuya #2401)
• Allow retrieval of uploader index within uploaders(@mshibuya #1771)
• Add ability to customize downloaders(@mshibuya #1636)
• Support internationalized domain names for downloader(@mshibuya #2086)
• Support authenticated_url for Aliyun provider(@Nitrino #2381)
• Support passing options to authenticated_url for OpenStack provider(@stanhu #2377)
• Support authenticated_url for AzureRM provider(@Nitrino #2375)
• Allow custom expires_at when building an authenticated_url(@stephankaag #2397)

Changed

• Use the storage given by storage configuration also for cache_storage unless explicitly specified(@mshibuya 629afecb)
• Improve Fog initialization(@mshibuya #2395)
• [BREAKING CHANGE] Multiple file uploader now keeps successful files on update, only discarding failed ones(@mshibuya 7db9195d)
• [BREAKING CHANGE] #remote_#{column}_urls= was changed to preserve precedent updates(@mshibuya 8f18a95b)
• #serializable_hash now returns string for version keys(@schovi #2246)
• Use the MimeMagic gem to inspect file headers for the mime type. This allows for mitigation of CVE-2016-3714, in combination with a content_type_whitelist(@locriani #1934)
• Replace mime-types dependency with mini_mime to save memory(@bradleypriest #2292)
• Delegate MiniMagick processing to ImageProcessing gem(@janko #2298)
• Handle ActiveRecord transaction correctly, not storing or removing files on rollback(@skosh #2209)

Deprecated

• fog_provider configuration was deprecated and has no effect, just adding fog providers to Gemfile will load them(@mshibuya ca201ee2)
• CarrierWave::Uploader::Base#sanitized_file was deprecated, use #file instead(@mshibuya 28190e99)

Removed

• Remove support for Rails 4.x and Ruby 2.0/2.1 (@mshibuya bada043f)

Fixed

• Fix deleting files twice when marked for removal(@mshibuya 67800fde)
• Fix uploader.cache! loads entire contents of file into memory(@mshibuya #2136)
• Do not trigger *_will_change! when file is not to be removed(@mshibuya #2323)
• Allow deleting all files for multiple file upload(@mshibuya #1990)
• Failing to retrieve unquoted filenames from Content-Disposition(@mshibuya #2364)
• Fix #clean_cache! breaking with old format of cache id(@mshibuya aab402fb)
• Fix #exists? returning true after Fog file deletion(@mshibuya #2387)
• Make #identifier available for a retrieved file(@mshibuya #1581)
• Make cache id generation less predictable(@mshibuya #2326)
• Uploaders not being cleared when #reload or #initialize_dup are overridden in model(@mshibuya #2379)
• Fix #content_type returning false, instead of nil(@longkt90 #2384)
• Preserve connection cache when eagar-loading fog(@dmitryshagin #2383)
• #recreate_versions! ignored :from_version when versions to recreate are given(@hedgesky #1879 #1164)

v0.10.0

• [changed] Memoize uploaders and uploader_options (Derek Parker and Joshua Davey from Hashrocket)
• [changed] Don't force pad background color to white in resize_and_pad (@fnordfish)
• [changed] Remove auth access information when parsing URL for filename (@nddeluca)
• [changed] Read Content type from cached and uploaded file, adds mime-types as hard dependency
• [added] Added authenticated_url functionality for Openstack storage (@snoopie)
• [added] Add Polish I18n translations for errors (@ArturT)
• [added] Add Greek locale for error messages (@agorf)
• [added] Add French locale for error messages (@gdurelle)
• [added] Add Japanese locale for error messages (@tomodian)
• [added] Add Norwegian locale for error messages (@theodorton)
• [added] Add Portuguese locale for error messages (@pedrosmmoreira)
• [fixed] Overridden serializable_hash accepts an options hash (@bensie)
• [fixed] Fog connection object performance issues (@taavo)
• [fixed] Delete Tempfile after manipulate with MiniMagick (@dimko)
• [fixed] Ensure #remove_#{column} and #remove_#{column} return false after committing with ActiveRecord (@bensie)
• [fixed] Fix issue with content-disposition existing with no filename when downloading, reports that Google does this (@hasghari / @bensie / @taavo)

v0.9.0

• [BREAKING CHANGE] Use integer time (UTC) to generate cache IDs [@bensie]
• [changed] Recommend using ActionController::Base.helpers instead of Sprockets::Rails::Helper for asset pipeline [@c0]
• [changed] Lots of URL encoding fixes [@taavo]
• [added] Added #version_exists? method [@tmaier]
• [added] Added configuration param (:fog_use_ssl_for_aws) to disable SSL for public_url [@pbzymek]
• [added] Add Dutch i18n translations for errors [@vanderhoorn]
• [added] Add Czech i18n translations for errors [@elmariofredo]
• [added] Add German i18n translations for errors [@felixbuenemann]
• [fixed] Gemspec error in Ruby 2.0.0 [@sanemat]
• [fixed] Fixed bug in serializing to xml or json where both :only and :except are passed [@Knack]
• [fixed] Fix recreate_versions! when version if proc returns false [@arthurnn]

v0.8.0

• [BREAKING CHANGE] Remove 'fog_endpoint' in favor of 'host' and/or 'endpoint' in fog_credentials [bensie]
• [changed] Remove autoload in favor of standard 'require' to help with thread safety [bensie]
• [added] Allow recreating only specified versions instead of all versions [div]
• [added] Add support for S3-compliant storage APIs that are not actually S3 [neuhausler]
• [added] Add #extension CarrierWave::Storage::Fog::File for fetching a file extension [sweatypitts]
• [fixed] Marshaling uploader objects no longer raises a TypeError on anonymous classes [bensie]